WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting

Description

The plugin does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltred_html capability is disallowed

Proof of Concept

When adding new courses, the following fields can have XSS payloads like "><script>alert(1)</script> injected into them: 
- Course Settings > General > External Link field 
- Course Settings > Extra Information > Requirements field
- Course Settings > Extra Information > Target Audience field
- Course Settings > Extra Information > Key Features field
- Course Settings > Extra Information > FAQ Title field

Affects Plugins

learnpress
Fixed in version 4.1.3.1

References

CVE
CVE-2021-24702

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Shivam Rai

Submitter

Shivam Rai

Submitter twitter
shivam24rai
Verified

Yes

WPVDB ID
30635cc9-4415-48bb-9c67-ea670ea1b942

Timeline

Publicly Published

2021-09-20 (about 1 years ago)

Added

2021-09-20 (about 1 years ago)

Last Updated

2022-04-10 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin